We have one zone set for Active Directory to update dynamically that has 
stopped doing so.

Someone manually updated the zone without doing a freeze/thaw and the host that 
was added wasn’t properly resolving. What I found looking for a solution was to 
freeze the zone, delete the .jnl file, update the serial #, then thaw the zone. 
That got lookup working properly again, but now the zone is no longer 
updating. I found a bunch of errors about permissions denied:

Mar  2 14:00:30 example named[42659]: etc/DynZone.Hosts.jnl: create: permission denied

I created the file and chowned it to named

but it hasn’t been written to:

-rw-r--r--. 1 root  root  108578 Feb 22 09:43 DynZone.Hosts
-rw-rw-r--. 1 named named      0 Mar  2 14:01 DynZone.Hosts.jnl

I know that there have been new hosts added that should have been updated in 
that zone.

It was working before the incident so I don’t think it’s a permissions issue, 
but I could well be wrong.

Unfortunately I can’t really find any info on what the permissions SHOULD be 
for the bind config and files.

Another clue that permissions are wrong, is that any time I’ve tried to set up 
logging directives in named.conf restarting it results in a failure due to 
permissions; but as I mentioned, it was working until recently.

This is the zone config in named.conf:

zone "DynZone.com" {
   type master;
   file "etc/DynZone.Hosts";
   check-names ignore;
   allow-update {"trusted";};
};

The trusted acl is a list of our (name) vlans, but checking the config syntax 
with named-checkconf -z shows all are properly loading, and the zone transfers 
after the manual update did work.

-- 
Bruce Johnson
University of Arizona
College of Pharmacy
Information Technology Group

Institutions do not have opinions, merely customs
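
An added example, not part of the original post: a mode-bit check of whether a given account can create and update the journal beside a dynamic zone file, which is the operation the "create: permission denied" log line reports as failing. It assumes the zone file path has already been resolved to an absolute path (the path in named.conf is relative), and the function names are hypothetical.

```python
import os
import pwd
import sys

def perm_bits(st, uid, gids):
    """Return the rwx triplet (0-7) that applies to uid/gids.

    Classic mode bits only: POSIX ACLs and SELinux are not evaluated, and
    root's bypass is not modelled (named normally runs unprivileged).
    """
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def audit_dynamic_zone(zone_file, uid, gids):
    """List reasons the account cannot maintain the journal for zone_file."""
    problems = []
    zone_dir = os.path.dirname(os.path.abspath(zone_file))
    journal = zone_file + ".jnl"
    # Creating a file needs write and search (w+x = 3) on the directory.
    if perm_bits(os.stat(zone_dir), uid, gids) & 3 != 3:
        problems.append(f"{zone_dir}: cannot create files here")
    # An existing journal must itself be writable to be updated.
    if os.path.exists(journal) and not perm_bits(os.stat(journal), uid, gids) & 2:
        problems.append(f"{journal}: not writable")
    return problems

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check_zone.py /absolute/path/to/zonefile username")
    zone_path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    groups = os.getgrouplist(user, pw.pw_gid)
    findings = audit_dynamic_zone(zone_path, pw.pw_uid, groups)
    for line in findings or ["mode bits allow journal creation and update"]:
        print(line)
    sys.exit(1 if findings else 0)
```

A clean result here does not rule out a denial from SELinux or an ACL; the trailing "." in the ls -l output above indicates the files carry an SELinux security context.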
